Maintaining Your WAAS System

This chapter describes the tasks that you may need to perform to maintain your WAAS system.

Note Throughout this chapter, the term WAAS device is used to refer collectively to the WAAS Central Managers and WAEs in your network. The term WAE refers to WAE and WAVE appliances, SM-SRE modules running WAAS, and vWAAS instances.

Upgrading the WAAS Software

Table 16-1 outlines the steps you must complete to upgrade your WAAS software to a more recent version.

We recommend that all devices in your WAAS network should be running the same version of the WAAS software. If some of your WAAS devices are running different software versions, the WAAS Central Manager should be the highest version. For details on version interoperability limitations, see the Release Note for Cisco Wide Area Application Services.

If the WAAS Central Manager sees any registered WAE devices that are at a higher version level, it raises a minor alarm to alert you. Additionally, the WAE devices are shown in red on the device listing page.

WAAS Central Manager version 5.2.1 can manage WAE devices that are running version 4.2.1 and later releases. Some WAAS Central Manager windows (with new features) are not applicable to WAAS devices that are running a version lower than 5.2.1. If you modify the configuration in such windows, the configuration is saved, but it has no effect on the device until the device is upgraded to version 5.2.1.

Note WAAS version 5.2 is not supported running in a mixed version WAAS network where any WAAS device is running a software version lower than 4.2.1. If you have any WAAS devices running versions earlier than 4.2.1, you must first upgrade them to version 4.2.1 (or a later version) before you install version 5.2 on the Central Manager. Do not upgrade any device to a version later than the existing Central Manager version. After all devices are running version 4.2.1 or a later version, you can begin the upgrade to version 5.2 on the WAAS Central Manager. Directly upgrading a device from version 4.0, 4.1, or 4.2, to 5.2 is not supported.

Upgrading is supported only from certain older releases to a particular release. If you have a WAAS device that is running a release from which upgrading to the desired release is not supported, first upgrade the device to an intermediate supported release and then to the final desired release. For details on what versions are supported for upgrades, see the Release Note for Cisco Wide Area Application Services for the software version to which you want to upgrade.

Table 16-1 Checklist for Upgrading the WAAS Software

Task

Additional Information and Instructions

Determine the current software version running on your WAAS network.

Check the software version that you are currently using so when you go to Cisco.com, you know if there is a newer version to download.

Delete the software version file.

If you need to downgrade or roll back the WAAS software to a lower version, first downgrade or roll back the WAE devices, then the standby Central Manager (if applicable), and finally the primary Central Manager. For more information about downgrading, see the Release Note for Cisco Wide Area Application Services for your software version.

Determining the Current Software Version

To view the current software version running on any particular device, choose Devices > All Devices. The All Devices window displays the software version for each device listed.

You can also click Devices > device-name or the Edit icon next to the name of a device in the Devices window. The Device Dashboard window appears, listing the software version for that device.

Note The software version is not upgraded until a software upgrade has been successfully completed. If a software upgrade is in progress, the version number displayed is the base version, not the upgraded version number.

Alternatively, in the device context, choose Monitor > CLI Commands > Show Commands. Choose version and click Submit. A secondary window pops up and displays the CLI output for the show version command.

Obtaining the Latest Software Version from Cisco.com

To obtain the latest WAAS software version from Cisco.com, follow these steps:

Step 3 Choose the WAAS software version that you want and download the appropriate software image (Universal, Accelerator only, or No Payload Encryption [NPE]).

Step 4 Register the location of the software file in the WAAS Central Manager GUI, as described in the section that follows.

Specifying the Location of the Software File in the WAAS Central Manager GUI

To upgrade your WAAS software, you must first specify the location of the WAAS software file in the WAAS Central Manager GUI and configure the software file settings.

There are two types of WAAS software files, as follows:

Universal—Includes Central Manager, Application Accelerator, and AppNav Controller functionality. You can use this type of software file to upgrade a device operating in any mode.

Accelerator only—Includes Application Accelerator and AppNav Controller functionality only. You can use this type of software file to upgrade only an Application Accelerator or AppNav Controller device. If you want to change an Application Accelerator or AppNav Controller to a Central Manager, you must install the Universal software file, reload the device, change the device mode to central-manager, and then reload the device again. Additionally, kdump analysis functionality is not included in the Accelerator only image.

Step 3 In the Software File URL field, specify the location of the new WAAS software file as follows:

a. Choose a protocol (http or ftp) from the drop-down list.

b. Enter the URL for the.bin software file that you downloaded from Cisco.com. For example, a valid URL might look like the following:

http://internal.mysite.com/waas/WAAS-xxxx-K9.bin

where WAAS- xxxx -K9.bin is the name of the software upgrade file. (The filename typically includes the version number.)

Be sure that the URL identifies the correct type of software image for the devices you want to upgrade, either Universal or Accelerator only.

Step 4 If your server requires user login authentication, enter your username in the Username field and enter your login password in the Password field. Enter the same password in the Confirm Password field.

The Software Version and Image Type fields cannot be edited. They are filled in automatically after you submit the settings and the image is validated.

Step 5 In the Advanced Settings section, check the Auto Reload check box to automatically reload a device when you upgrade the software. If you do not check this box, you will need to manually reload a device after you upgrade the software on it to complete the upgrade process.

Note During a device reload, any virtual blades running on the device are shut down and may be adversely affected due to a potential incompatibility with the virtualization software. Therefore, you should stop the running images gracefully before reloading.

Step 6 (Optional) Enter comments in the field provided.

Step 7 Click Submit.

The software image file is validated and the Software Version and Image Type fields are filled in with the appropriate information extracted from the image file.

Caution If your browser is configured to save the username and password for the WAAS Central Manager GUI, the browser will autopopulate the username and password fields in the Creating New Software File window. You must clear these fields before you click
Submit.

The software file that you want to use is now registered with the WAAS Central Manager. When you perform the software upgrade or downgrade, the URL that you just registered becomes one of the choices available in the Update Software window.

To reload a device from the CLI, use the reload EXEC command.

Note When you are viewing the list of registered software files, if the Image Type column shows Unknown for a software file, it indicates that the software file was added under a WAAS version previous to 4.2.1. These Unknown software files must be resubmitted if you want to use them. Click the Edit icon next to the file to open the Modifying Software File window, and then click the Submit button to resubmit the file.

Upgrading the WAAS Central Manager

Primary and standby WAAS Central Manager devices must be running the same version of WAAS software. If they are not, the standby WAAS Central Manager detects this and will not process any configuration updates it receives from the primary WAAS Central Manager. If the primary WAAS Central Manager sees that the standby WAAS Central Manager has a different version level, it shows the standby WAAS Central Manager in red on the device listing page.

If you use the primary WAAS Central Manager to perform the software upgrade, you need to upgrade your standby WAAS Central Manager first, and then upgrade your primary WAAS Central Manager. We also recommend that you create a database backup for the primary WAAS Central Manager and copy the database backup file to a safe place before you upgrade the software.

Use this upgrade procedure for WAAS Central Manager devices. You can also use this upgrade procedure to upgrade WAAS devices one at a time (after the WAAS Central Manager).

To upgrade your software to another WAAS software release on a single device, follow these steps:

The Devices listing window reappears. You can monitor the progress of your upgrade from this window.

Software upgrade status messages are displayed in the Software Version column. These intermediate messages are also written to the system log on the WAAS devices. See Table 16-2 for a description of upgrade status messages.

Step 6 Clear your browser cache, close the browser, and restart the browser session to the WAAS Central Manager.

The WAAS Central Manager may reboot at the conclusion of the upgrade procedure (if Auto Reload was checked in the Creating New Software File window), causing you to temporarily lose contact with the device and the graphical user interface.

Table 16-2 Upgrade Status Messages

Upgrade Status Message

Condition

Pending

The request has yet to be sent from the WAAS Central Manager to the device, or receipt of the request has yet to be acknowledged by the device.

Downloading

The download method for the software file is being determined.

Proceeding with Download

The download method for the software file is determined to be direct download. Proceeding with the request for direct download of the software file.

Download in Progress (Completed …)

The direct download of the software file is being processed. “Completed” indicates the number of megabytes processed.

Download Successful

The direct download of the software file has been successful.

Download Failed

The direct download of the software file cannot be processed. Further troubleshooting is required; see the device system message log. If you are upgrading several devices at once, the download may fail if the server hosting the software file becomes overloaded with requests. Retry the upgrade by clicking the Retry link if shown.

Proceeding with Flash Write

A request has been made to write the software file to the device flash memory.

Flash Write in Progress (Completed …)

The write of the device flash memory is being processed. “Completed” indicates the number of megabytes processed.

Flash Write Successful

The flash write of the software file has been successful.

Reloading

A request to reload the device has been made in order to complete the software upgrade. The device may be offline for several minutes.

Reload Needed

A request to reload the device has not been made. The device must be reloaded manually to complete the software upgrade.

Cancelled

The software upgrade request was interrupted, or a previous software upgrade request was bypassed from the CLI.

Update Failed

The software upgrade could not be completed. Troubleshooting is required; see the device system message log. If you are upgrading several devices at once, the upgrade may fail if the server hosting the software file becomes overloaded with requests. Retry the upgrade by clicking the Retry link if shown.

If you are updating many devices and you want to use a smaller size software file to save network bandwidth, specify a software file with an image type of Accelerator only, which is smaller than a Universal image. If you later want to change an Accelerator-only device to a Central Manager, you must install the Universal software file, reload the device, change the device mode to central-manager, and then reload the device again.

Step 4 Click Submit.

To view the progress of an upgrade, go to the All Devices window (Devices > All Devices) and view the software upgrade status message in the Software Version column. These intermediate messages are also written to the system log on WAAS devices. See Table 16-2 for a description of the upgrade status messages.

Upgrading Central Manager to new hardware and converting an existing Central Manager to a WAE

If you want to add a new piece of hardware as a primary Central Manager and want to use the existing Central Manager as a WAE, it is important to first add it to the system and then configure it.

Note Doing a database backup of the former Central Manager and restoring it on the new device prevents it from being used as a WAE later.

To upgrade to a new Central Manager and convert an existing Central Manager to a WAE, follow these steps:

Step 1 Add a hardware device as the new Central Manager and configure it as a standby Central Manager. There might be multiple standby Central Managers in the system. For more information, see “ Configuring the Central Manager Role”.

Step 3 Disable cms service and execute cms deregister at the former Central Manager CLI interface to remove it from the CM database. If there is no connectivity between the devices anymore, use cms deregister force and also manually delete the former Central Manager in the new Central Manager GUI.

Step 4 Rename the former Central Manager, change the IP address, change its mode using the device mode command and reload using the reload command.

wae# configurewae(config)# device mode application-acceleratorThe new configuration will take effect after reload.wae# reload

Step 5 Rename the new primary Central Manager and change its IP address to fully replace the former one. Otherwise you will need to update the configuration of your devices to point to the new address of the Central Manager. Please contact Cisco TAC for scripts.

wae(config)# hostname old primary central-manager name

wae(config-if)# ip address ipaddress netmask.

Deleting a Software File

After you have successfully upgraded your WAAS devices, you can remove the software file from your WAAS system.

Note You may want to wait a few days before removing a software file in the event you need to downgrade your system for any reason.

Backing Up and Restoring the WAAS Central Manager Database

The WAAS Central Manager device stores WAAS network-wide device configuration information in its Centralized Management System (CMS) database. You can manually back up the CMS database contents for greater system reliability.

The CMS database backup is in a proprietary format that contains an archive database dump, WAAS Central Manager registration information, and device information that the WAAS Central Manager uses to communicate with other WAAS devices. CMS database backup files are not interchangeable between primary and standby WAAS Central Manager devices. This means you cannot use the backup file from a primary WAAS Central Manager to restore a standby WAAS Central Manager.

To back up the CMS database for the WAAS Central Manager, use the cms database backup EXEC command. For database backups, you need to specify the location, password, and user ID of the remote server that you want to store the backup file. If you want to backup only the configuration information, use the cms database backup config EXEC command.

Note If you have a backup made when the secure store was in user-passphrase mode and you restore it to a system where the secure store is in auto-passphrase mode, you must enter the user passphrase to proceed with the restore. After the restore, the system is in user-passphrase mode. If you have a backup made when the secure store was in auto-passphrase mode and you restore it to a system where the secure store is in user-passphrase mode, you do not need to enter a password. After the restore, the system is in auto-passphrase mode.

To back up and restore the CMS database, follow these steps:

Step 1 On the WAAS Central Manager GUI device, use the cms database backup command to back up the CMS database to a file, as shown in the following example:

Note The backup file is automatically given a name in the following format cms-db-date-timestamp_version.dump. For example, cms-db-7-22-2010-17-36_4.3.1.0.1.dump. Note that the timestamp is in a 24-hour format (HH:MM) that does not show seconds. It is stored in the following location: /local1/backup.

Step 2 Save the file to a remote server by using the copy disk ftp command.

This command copies the file from the local disk to a remote FTP server, as shown in the following example:

Note Stopping the CMS service disables the WAAS Central Manager GUI. All users currently logged into this GUI are automatically logged out once the CMS service is disabled.

b. Delete the existing CMS database:

CM# cms database delete

c. Initialize the CMS database:

CM# cms database create

d. Restore the CMS database contents from the backup file:

CM# cms database restore backup/cms-db-7-22-2008-17-36_4.1.3.0.1.dump

Note After the restore, any WAEs that were registered with the Central Manager during the time since the backup was created will be disconnected from the Central Manager because there is no information about them in the backup file. To bring these WAEs online, you must deregister and reregister them with the Central Manager. On each WAE that was disconnected, use the following commands:WAE# cms deregister forceWAE# configureWAE(config)# cms enable

CLI—You can use the copy running-config command to back up and restore a device’s configuration. This command saves the currently running configuration.

Additionally, you can restore a WAE to the default configuration that it was manufactured with at any time by removing the user data from the disk and Flash memory, and erasing all existing files cached on the appliance. Basic configuration information, such as network settings, can be preserved. The appliance is accessible through Telnet and Secure Shell (SSH) after it reboots.

Note If software upgrades have been applied, the restoration process returns to the defaults of the currently installed version and not the factory defaults.

To restore a WAE to its factory defaults or the defaults of the current configuration from the CLI, use the restore factory-default [ preserve basic-config ] EXEC command.

For more information about the CLI commands, see the Cisco Wide Area Application Services Command Reference.

Reinstalling the System Software

This section contains instructions for using the software recovery files to reinstall your system software if for some reason the software that is installed has failed. A software recovery CD-ROM ships with some WAE and WAVE hardware devices and some WAVE devices use a USB flash drive for recovery.

Caution If you upgraded your software after you received your software recovery CD-ROM or image files, using the recovery software images may downgrade your system. Ensure that you are using the desired software recovery version.

The WAAS software consists of three basic components:

Disk-based software

Flash-based software

Hardware platform cookie (stored in flash memory)

All of these components must be correctly installed for WAAS software to work properly.

The software is contained in two types of software images provided by Cisco Systems:

A.bin image that contains disk and flash memory components (the Universal version of the WAAS software)

A.sysimg image that contains a flash memory component only

An installation that contains only the WAAS flash memory-based software, without the corresponding disk-based software, boots and operates in a limited mode, allowing for further disk configuration before completing a full installation.

The.sysimg component is provided for recovery purposes and allows for repair of flash memory only without modifying the disk contents.

Note The system image used depends on your device. For all WAVE and WAE-674/7341/7371 devices (64-bit platforms), use the 64-bit system image (with “x86_64” in its name). For all other devices, use the 32-bit system image named without this designator.

An NPE image is provided that has the disk encryption feature disabled for use in countries where disk encryption is not permitted.

If you have a WAVE appliance that requires a USB flash drive for software recovery, your USB flash drive must contain both of the needed software images in the form of an ISO archive file that you copy to the flash drive. (See the “Preparing the USB Flash Drive” section).

These options are available from the software recovery installer menu:

Option 1: Configure Network—If the.bin image you need to install is located on the network instead of the CD-ROM or USB flash drive (which may be the case when an older CD-ROM or USB image is used to install new software), then you must choose this option to configure the network before attempting to install the.bin image.

This option is performed automatically if you install a.sysimg file from the network.

Option 2: Manufacture Flash—This option verifies the flash memory and, if invalid, automatically reformats it to contain a Cisco standard layout. If reformatting is required, a new cookie is installed automatically.

This option is performed automatically as part of a.bin or.sysimg installation.

Option 3: Install Flash Cookie—This option generates a hardware-specific platform cookie and installs it in flash memory. You need to use this option only if there has been a change in the hardware components, such as replacing the motherboard, or if you moved a flash memory card between systems.

This option is performed automatically during the flash manufacturing process, if needed, as part of a.bin or.sysimg installation.

Option 4: Install Flash Image from Network and Option 5: Install Flash Image from USB/CD-ROM —These options allow installation of the flash memory.sysimg only and do not modify disk contents. They may be used when a new chassis has been provided and populated with the customer’s old disks that need to be preserved.

These options automatically perform flash verification and hardware cookie installation, if required. When installing from the network, you are prompted to configure the network if you have not already done so.

Option 6: Install Flash Image from Disk—This option is reserved for future expansion and is not available.

Caution Option 8 erases the content from all disk drives in your device.

This option performs the following steps:

a. Checks that flash memory is formatted to Cisco specifications. If yes, the system continues to step b. If no, the system reformats the flash memory, which installs the Cisco file system, and generates and installs a platform-specific cookie for the hardware.

b. Erases data from all drives.

c. Remanufactures the default Cisco file system layout on the disk.

d. Installs the flash memory component from the.bin image.

e. Installs the disk component from the.bin image.

Note When option 8 is used and the system reboots and begins optimizing traffic, the show disks details command may show that the /dre1 partition is 98% or more used, due to the preallocation of DRE cache space. Use the show statistics dre command to display the actual DRE cache usage.

Option 9: Exit (reboot)—This option ejects the CD-ROM (if applicable) and reboots the device. If you are using a USB flash drive for software installation, remove it from the device before rebooting.

The following sections describe how to reinstall the WAAS system software:

Preparing the USB Flash Drive

If you have a WAVE appliance that requires a USB flash drive for software recovery, you must prepare the USB flash drive with the appropriate files before you can start the software recovery process. You will need the following:

Windows PC (Windows XP or 7) or Mac computer

USB flash drive that is 1 GB or larger in size

The following software recovery files:

– WAAS Rescue CD ISO image file, which is available in the WAAS Software Download area of Cisco.com. The filename is similar to waas-rescue-cdrom- x. x. x. x -k9.iso, where the x ’s denote the software version number. Alternatively, the ISO image file is available on the WAAS release DVD, or you can make an ISO image file from a WAAS recovery CD.

– syslinux.cfg file, which is also available in the WAAS Software Download area of Cisco.com and on the WAAS release DVD.

To prepare the USB flash drive on a Windows or MAC computer, follow these steps:

Step 1 Transfer the software recovery files onto the computer, noting the directory where they are stored.

Step 2 Insert the USB flash drive into a USB port on the computer.

Step 3 Open My Computer (Windows) or Disk Utility (MAC).

Step 4 Format the USB flash drive:

For Windows, right click on the Removable Disk (drive letter will vary with system) and select Format.

In the formatting tool, select FAT32 for the File System and check the Quick Format check box, and then click Start. Click OK on the warning message. Close the formatting tool after the formatting is complete.

For MAC, select the USB drive on the left side, then use the Erase tab to format for use with MS-DOS (FAT)

Reinstalling the System Software

To reinstall the system software on a WAE appliance using the software recovery CD-ROM or USB flash drive, follow these steps:

Step 1 Connect a serial console to the WAAS appliance and use the console for the following steps.

Step 2 Insert the software recovery CD-ROM in the CD drive of the WAE device or, if the device uses a USB flash drive for recovery, insert a bootable USB flash drive with the software recovery files into the USB port of the device (see the “Preparing the USB Flash Drive” section). WAVE-294/594/694/7541/7571/8541 devices do not have CD drives and instead use a USB flash drive for software recovery.

Step 3 Reboot the WAE. During the boot process, the boot loader pauses for 30 seconds and you must choose the VGA console if you are using vWAAS. The prompt is shown as follows:

Type "serial" for WAE/WAVE appliance. Type "vga" for vWAAS. boot:

Enter the vga command at the prompt to continue the boot process for the VGA console on vWAAS. After 30 seconds with no input, the boot process continues with the standard serial console for WAAS appliances.

Note The option numbers in the installer main menu may vary, depending on the WAAS software release being installed.

Step 4 Choose option 2 to prepare the flash memory.

This step prepares a cookie for the device and also retrieves the network configuration that was being used by the WAAS software. This network configuration is stored in the flash memory and is used to configure the network when the WAAS software boots up after installation.

Step 5 Choose option 3 to install the flash cookie that you prepared in the previous step.

Step 3 While the module is reloading, you will see the following option during boot phase 3. Enter *** as instructed:

[BOOT-PHASE3]: enter `***' for rescue image: ***

Step 4 The rescue image dialog appears. The following example demonstrates how to interact with the rescue dialog (user input is denoted by entries in bold typeface):

This is the rescue image. The purpose of this software is to letyou install a new system image onto your system's boot flashdevice. This software has been invoked either manually(if you entered `***' to the bootloader prompt) or has beeninvoked by the bootloader if it discovered that your system imagein flash had been corrupted.To download an image from network, this software will requestthe following information from you: - which network interface to use - IP address and netmask for the selected interface - default gateway IP address - FTP server IP address - username and password on FTP server - path to system image on serverPlease enter an interface from the following list: 0: GigabitEthernet 1/0 1: GigabitEthernet 2/0enter choice: 0Using interface GigabitEthernet 1/0Please enter the local IP address to use for this interface:[Enter IP Address]: 10.1.13.2Please enter the netmask for this interface:[Enter Netmask]: 255.255.255.240Please enter the IP address for the default gateway:[Enter Gateway IP Address]: 10.1.13.1Please enter the IP address for the FTP server where you wishto obtain the new system image:[Enter Server IP Address]: 10.107.193.240Please enter your username on the FTP server (or 'anonymous'):[Enter Username on server (e.g. anonymous)]: usernamePlease enter the password for username 'username' on FTP server: Please enter the directory containing the image file on the FTP server:[Enter Directory on server (e.g. /)]: /Please enter the file name of the system image file on the FTP server:[Enter Filename on server]: WAAS-5.1.1.10-K9.sysimgHere is the configuration you have entered:Current config: IP Address: 10.1.13.2 Netmask: 255.255.255.240 Gateway Address: 10.1.13.1 Server Address: 10.107.193.240 Username: username Password: ********* Image directory: / Image filename: WAAS-5.1.1.10-K9.sysimgAttempting download...Downloaded 15821824 byte image fileA new system image has been downloaded.You should write it to flash at this time.Please enter 'yes' below to indicate that this is what you want to do:[Enter confirmation ('yes' or 'no')]: yesOk, writing new image to flash.................................................................................. done.Finished writing image to flash.Enter 'reboot' to reboot, or 'again' to download and install a new image:[Enter reboot confirmation ('reboot' or 'again')]: rebootRestarting system.

Step 5 After the module reboots, install the.bin image from an HTTP server:

NM-WAE-1# copy http install 10.77.156.3 /waas WAAS-5.1.1.10-k9.bin

Step 6 Reload the module:

NM-WAE-1# reload

After the module reboots, it is running the newly installed WAAS software.

Ensuring RAID Pairs Rebuild Successfully

You must ensure that all RAID pairs are done rebuilding before you reboot your WAE device. If you reboot while the device is rebuilding, you risk corrupting the file system.

RAID pairs will rebuild on the next reboot after you use the restore factory-default command, replace or add a hard disk drive, delete disk partitions, or reinstall WAAS from the booted recovery CD-ROM or USB flash drive.

To view the status of the drives and check if the RAID pairs are in “NORMAL OPERATION” or in “REBUILDING” status, use the show disk details EXEC command. When you see that RAID is rebuilding, you must let it complete that rebuild process. This rebuild process can take several hours.

If you do not wait for the RAID pairs to complete the rebuild process before you reboot the device, you may see the following symptoms indicating a problem:

Other unusual behaviors related to disk operations or the inability to perform them.

If you encounter any of these symptoms, reboot the WAE device and wait until the RAID rebuild finishes normally.

Recovering the System Software

WAAS devices have a resident rescue system image that is invoked if the image in flash memory is corrupted. A corrupted system image can result from a power failure that occurs while a system image is being written to flash memory. The rescue image can help you download a system image to the main memory of the device and write it to flash memory.

Note The system image used depends on your device. For all WAVE and WAE-674/7341/7371 devices (64-bit platforms), use the 64-bit system image (with “x86_64” in its name). For all other devices, use the 32-bit system image named without this designator.

An NPE image is provided that has the disk encryption feature disabled for use in countries where disk encryption is not permitted.

To install a new system image using the rescue image, follow these steps:

Step 1 Download the system image file (*.sysimg) to a host that is running an FTP server.

Step 2 Establish a console connection to the WAAS device and open a terminal session.

Step 3 Reboot the device by toggling the power on/off switch.

After a few seconds, the bootloader pauses and prompts you to enter 1 to boot WAAS, r to boot the rescue image, x to reboot, or 9 to escape to the loader prompt. You have 10 seconds to respond before the normal boot process continues.

Step 4 Enter r to boot the rescue image.

The rescue image dialog appears and differs depending on whether your WAAS device was initially manufactured with version 4.x or 5.x. Step 5 describes the rescue image on a device that was initially manufactured with version 5.x. Step 6 describes the rescue image on a device that was initially manufactured with version 4.x.

Step 5If you see the following output (from a device that was initially manufactured with version 5.x), login and use the copy install command to install the WAAS system software image (.bin file), as shown in the following example (user input is denoted by entries in bold typeface):

The device is running WAAS rescue image. WAAS functionality is unavailablein a rescue image. If the rescue image was loaded by accident, please reloadthe device. If the rescue image was loaded intentionally to reinstall WAAS softwareplease use the following command: copy [ftp|http|usb] install...SW up-to-date...Cisco Wide Area Virtualization Engine ConsoleUsername: adminPassword: System Initialization Finished.WAVE# copy ftp install 172.16.10.10 / waas-universal-5.1.1.12-k9.bin...Installing system image to flash... Creating backup of database content before database upgrade.The new software will run after you reload.WAVE# reloadProceed with reload?[confirm]yesShutting down all services, will timeout in 15 minutes.reload in progress..Restarting system.

Step 6If you see the following output (from a device that was initially manufactured with version 4.x), login and install the WAAS system image (.sysimg file), as shown in the following example (user input is denoted by entries in bold typeface):

This is the rescue image. The purpose of this software is to letyou download and install a new system image onto your system'sboot flash device. This software has been invoked either manually(if you entered `***' to the bootloader prompt) or has beeninvoked by the bootloader if it discovered that your system imagein flash had been corrupted.To download an image, this software will request the followinginformation from you: - which network interface to use - IP address and netmask for the selected interface - default gateway IP address - server IP address - which protocol to use to connect to server - username/password (if applicable) - path to system image on serverPlease enter an interface from the following list: 0: GigabitEthernet 0/0 1: GigabitEthernet 0/1enter choice: 0Using interface GigabitEthernet 0/0Please enter the local IP address to use for this interface:[Enter IP Address]: 172.16.22.22Please enter the netmask for this interface:[Enter Netmask]: 255.255.255.224Please enter the IP address for the default gateway:[Enter Gateway IP Address]: 172.16.22.1Please enter the IP address for the FTP server where you wishto obtain the new system image:[Enter Server IP Address]: 172.16.10.10Please enter your username on the FTP server (or 'anonymous'):[Enter Username on server (e.g. anonymous)]: anonymousPlease enter the password for username 'anonymous' on FTP server: Please enter the directory containing the image file on the FTP server:[Enter Directory on server (e.g. /)]: /Please enter the file name of the system image file on the FTP server:[Enter Filename on server (e.g. WAAS-x86_64-4.x.x-K9.sysimg)]: waas-x86_64-5.1.1.12-k9.sysimgHere is the configuration you have entered:Current config: IP Address: 172.16.22.22 Netmask: 255.255.255.224 Gateway Address: 172.16.22.1 Server Address: 172.16.10.10 Username: anonymous Password: Image directory: / Image filename: waas-x86_64-5.1.1.12-k9.sysimgAttempting download...Downloaded 31899648 byte image fileA new system image has been downloaded.You should write it to flash at this time.Please enter 'yes' below to indicate that this is what you want to do:[Enter confirmation ('yes' or 'no')]: yesOk, writing new image to flashFinished writing image to flash.Enter 'reboot' to reboot, or 'again' to download and install a new image:[Enter reboot confirmation ('reboot' or 'again')]: rebootRestarting system.Booting system, please wait.........

Step 7 Log in to the device as username admin. Verify that you are running the correct version by entering the show version command.

Rebooting is optional; however, you might want to reboot to ensure that the boot flags are reset, and to ensure that subsequent console administrator logins do not bypass the password check.

Note In the WAAS software, the bootflags are reset to 0x0 on every reboot.

Recovering from Missing Disk-Based Software

This section describes how to recover from the following types of disk drive issues:

Your WAAS device contains a single disk drive that needs to be replaced due to a disk failure.

Your WAAS device contains two disk drives and you intentionally deleted the disk partitions on both drives (diks00 and disk01).

Systems with two or more disk drives are normally protected automatically by RAID-1 on critical system partitions, so the procedures in this section do not need to be followed when replacing a disk drive in a multi-drive system.

Recovering WAAS Device Registration Information

Device registration information is stored both on the device itself and on the WAAS Central Manager. If a device loses its registration identity or needs to be replaced because of a hardware failure, the WAAS network administrator can issue a CLI command to recover the lost information, or in the case of adding a new device, assume the identity of the failed device.

To recover lost registration information, or to replace a failed device with a new one having the same registration information, follow these steps:

Step 1 Mark the failed device as “Inactive” and “Replaceable” by completing the following steps:

a. From the Central Manager menu, choose Devices > device-name.

b. Choose device-name > Activation.

c. Uncheck the Activate check box. The window refreshes, displaying a check box for marking the device as replaceable.

d. Check the Replaceable check box, and click Submit.

Note This check box appears in the GUI only when the device is inactive.

Step 2 If the failed device is configured as a non-optimizing peer with another device, disable the peer settings on the other device.

A pop-up message appears if the failed device is a non-optimizing peer and the message indicates the device that is its non-optimizing peer. When a device is replaced, its device ID changes and so the non-optimizing peer configuration must be updated.

b. Click the Edit icon next to the System.device.recovery.key property. The Modifying Config Property window appears.

c. Enter a password in the Value field, and click Submit. The default password is default.

Step 4 Configure the basic network settings for the new device.

Step 5 Open a Telnet session to the device CLI and enter the cms recover identity keyword EXEC command. keyword is the device recovery key that you configured in the WAAS Central Manager GUI.

When the WAAS Central Manager receives the recovery request from the WAAS device, it searches its database for the device record that meets the following criteria:

The record is inactive and replaceable.

The record has the same hostname or primary IP address as given in the recovery request.

If the recovery request matches the device record, then the WAAS Central Manager updates the existing record and sends the requesting device a registration response. The replaceable state is cleared so that no other device can assume the same identity. When the WAAS device receives its recovered registration information, it writes it to file, initializes its database tables, and starts.

Step 6 Enter the following commands to enable the CMS service on the device:

WAE# configWAE(config)# cms enableWAE(config)# exit

Step 7 Activate the device:

a. From the WAAS Central Manager menu, choose Devices > device-name.

b. Choose Device Name > Activation. The WAAS device status should be Online.

Performing Disk Maintenance for RAID-1 Systems

WAAS supports hot-swap functionality for both failed disk replacement and scheduled disk maintenance. When a disk fails, WAAS automatically detects the disk failure, marks the disk as bad, and removes the disk from the RAID-1 volume. To schedule disk maintenance, you must manually shut down the disk.

You must wait for the disk to be completely shut down before you physically remove the disk from the WAE. When the RAID removal process is complete, WAAS generates a disk failure alarm and trap. In addition, a syslog ERROR message is logged.

Note If the removal event (such as, a disk failure or software shutdown) occurs while the RAID array is in the rebuild process, the RAID removal process may take up to 1 minute to complete. The duration of this process depends on the size of the disk.

If the WAAS software removes a failed disk during the RAID rebuild process, a RAID rebuild failure alarm is generated. If you administratively shut down the disk during the RAID rebuild process, a RAID rebuild abort alarm is generated instead.

When you install a replacement disk, the WAAS software detects the replacement disk and performs compatibility checks on the disk, initializes the disk by creating partitions, and adds the disk to the software RAID to start the RAID rebuild process.

If the newly inserted disk has the same disk ID as a disk that was previously marked bad in the same physical slot, then the disk will not be mounted, and the post-replacement checks, initialization, and RAID rebuilding will not occur.

A newly installed disk must be of the same type and speed as the old disk and it must meet the following compatibility requirements:

If the replacement disk is for disk00, disk02, or disk04 of a RAID pair, the replacement disk must be the same size as the running disk in the array.

If the replacement disk is for disk01, disk03, or disk05 of a RAID pair, then the replacement disk must have the same or greater RAID capacity as the running disk in the array.

Compatibility checks, which are part of the hot-swap process, check for capacity compatibility. Incompatibility generates an alarm and aborts the hot-swap process.

b. Wait for the disk to be completely shut down before you physically remove the disk from the WAE. When the RAID removal process is complete, WAAS generates a disk failure alarm and trap. In addition, a syslog ERROR message is logged.

Note We recommend that you disable the disk error-handling reload option, if enabled, because it is not necessary to power down the system to remove a disk.

Step 2 Insert a replacement disk into the slot in the WAE. The replacement disk must have a disk ID number that is different from the disk that it is replacing.

Replacing Disks in RAID-5 Systems

To remove and replace a physical disk drive in a system that uses a RAID-5 logical drive, follow these steps:

Step 1 Enter the disk disk-name diskxx replace command in EXEC mode at the WAAS CLI on the WAE.

Step 2 Verify that the disk drive diskxx is in the Defunct state by entering the show disks details command in EXEC mode. The RAID logical drive is in the Critical state at this point.

Step 3 Move the handle on the drive to the open position (perpendicular to the drive).

Step 4 Pull the hot-swap drive assembly from the bay.

Step 5 Wait for one minute and then insert the new drive into the same slot by aligning the replacement drive assembly with guide rails in the bay and sliding the drive assembly into the bay until it stops. Make sure that the drive is properly seated in the bay.

Step 6 Close the drive handle.

Step 7 Check the hard disk drive status LED to verify that the hard disk drive is operating correctly. If the amber hard disk drive status LED for a drive is lit continuously, that drive is faulty and must be replaced. If the green hard disk drive activity LED is flashing, the drive is being accessed.

Note If a disk is shut down using the disk disk-name diskxx replace EXEC command and the same disk is removed and reinserted, it can be reenabled by using the EXEC command disk disk-name diskxx enable force. This process is applicable even if the disk is not removed and needs to be reenabled. This command is not applicable if a new disk is inserted.

Step 8 Wait 1 minute and then verify that the replaced disk drive is in the Rebuilding state by using the show disks details command in EXEC mode.

Note The ServeRAID controller automatically starts the rebuild operation when it detects the removal and reinsertion of a drive that is part of the logical RAID drive.

Step 9 Wait until the rebuild operation is complete. You can check if the rebuild operation is complete by using the show disks details command in EXEC mode. The physical drive state will be Online and the RAID logical drive state will be Okay after the rebuild operation is completed.

A 300-GB SAS drive may take up to 5 hours to finish rebuilding.

If you have multiple disk failures and your RAID-5 logical status is Offline, you must recreate the RAID-5 array by following these steps:

Step 2 Enter the write command in EXEC mode to save the running configuration to NVRAM.

Step 3 Enter the reload command in EXEC mode to reload the system.

Step 4 Enter the show disks details command in EXEC mode to check the system configuration after the system is rebooted. At this point, the disks are not mounted and the logical RAID drive should be in the Shutdown state.

Step 6 After successful execution of the previous command, enter global configuration mode and then enter the no disk logical shutdown command to disable the logical disk shutdown configuration.

Step 7 Enter the write command in EXEC mode to save the configuration to NVRAM.

Step 8 Enter the reload command in EXEC mode to reload the system.

Step 9 Enter the show disks details command in EXEC mode to check the system configuration after the system is rebooted. At this point, the disks should be mounted and the logical RAID drive should not be in the Shutdown state.

Step 10 Wait until the rebuild operation is complete. You can check if the rebuild operation is complete by using the show disks details command in EXEC mode. The physical drive state will be Online and the RAID logical drive state will be Okay after the rebuild operation is completed.

It takes several hours to finish rebuilding the RAID-5 array.

After a multiple disk failure or RAID controller failure, and after the drives are replaced and the RAID disk is rebuilt, the logical disk may remain in the error state. To reenable the disk, use the no disk logical shutdown force command, then reload the WAE.

Configuring the Central Manager Role

The WAAS software implements a standby WAAS Central Manager. This process allows you to maintain a copy of the WAAS network configuration on a second WAAS Central Manager device. If the primary WAAS Central Manager fails, the standby can be used to replace the primary.

For interoperability, when a standby WAAS Central Manager is used, it must be at the same software version as the primary WAAS Central Manager to maintain the full WAAS Central Manager configuration. Otherwise, the standby WAAS Central Manager detects this status and does not process any configuration updates that it receives from the primary WAAS Central Manager until the problem is corrected.

Note Primary and standby Central Managers communicate on port 8443. If your network includes a firewall between primary and standby Central Managers, you must configure the firewall to allow traffic on port 8443 so that the Central Managers can communicate and stay synchronized.

Accelerator only—Includes Application Accelerator and AppNav Controller functionality only. If you want to change an Application Accelerator or AppNav Controller to a Central Manager, you must use the Universal software file.

If the WAE is operating with an Accelerator only image, you cannot convert it to a Central Manager until after you update it with the Universal software file, reload the device, change the device mode to central-manager, and then reload the device again. For information on updating a WAE, see the “Upgrading the WAAS Software” section.

You can use the show version EXEC command to check if the WAE is running an Accelerator only image. Also, the show running-config EXEC command displays the image type.

To convert a WAE with a Universal image to a standby Central Manager, follow these steps:

Step 1 Deregister the WAE from the Central Manager using the cms command:

WAE# cms deregister force

This command cleans up any previous association to any other Central Manager.

Step 2 Configure the device mode as Central Manager using the device command:

WAE# configureWAE(config)# device mode central-manager

You must reload the device to apply the changes.

Step 3 Configure the Central Manager role as standby using the central-manager command:

WAE(config)# central-manager role standby

Step 4 Configure the address of primary Central Manager using the central-manager command:

WAE(config)# central-manager address cm-primary-address

Step 5 Enable the CMS service using the cms command:

WAE(config)# cms enable

Converting a Primary Central Manager to a Standby Central Manager

To convert a primary Central Manager to a standby Central Manager, follow these steps:

Step 1 Deregister the Central Manager using the cms command:

WAE# cms deregister

This command cleans up any previous association to any other Central Manager.

Step 2 Configure the Central Manager role as standby using the central-manager command:

WAE# configureWAE(config)# central-manager role standby

Step 3 Configure the address of primary Central Manager using the central-manager command:

WAE(config)# central-manager address cm-primary-address

Step 4 Enable the CMS service using the cms command:

WAE(config)# cms enable

Converting a Standby Central Manager to a Primary Central Manager

If your primary WAAS Central Manager becomes inoperable, you can manually reconfigure one of your warm standby Central Managers to be the primary Central Manager. Configure the new role by using the global configuration central-manager role primary command as follows:

WAE# configureWAE(config)# central-manager role primary

This command changes the role from standby to primary and restarts the management service to recognize the change.

If you switch a warm standby Central Manager to primary while your primary Central Manager is still online and active, both Central Managers detect each other, automatically shut themselves down, and disable management services. The Central Managers are switched to halted, which is automatically saved in flash memory.

To return halted WAAS Central Managers to an online status, decide which Central Manager should be the primary device and which should be the standby device. On the primary device, execute the following CLI commands:

Switching Both Central Manager Roles

Caution When you switch a WAAS Central Manager from primary to standby, the configuration on the Central Manager is erased. The Central Manager, after becoming a standby, will begin replicating its configuration information from whichever Central Manager is now the primary. If standby and primary units are not synchronized before switching roles, important configuration information can be lost.

Before you switch Central Manager roles, follow these steps:

Step 1 Ensure that your Central Manager devices are running the same version of WAAS software.

Step 2 Synchronize the physical clocks on both devices so that both WAAS Central Managers have the same Coordinated Universal Time (UTC) configured.

Step 3 Ensure that the standby is synchronized with the primary by checking the status of the following items:

a. Check the online status of your devices.

The original standby Central Manager and all currently active devices should be showing as online in the Central Manager GUI. This step ensures that all other devices know about both Central Managers.

b. Check the status of recent updates from the primary WAAS Central Manager.

Use the show cms info EXEC command and check the time of the last update. To be current, the value of the Time of last config-sync field should be between 1 and 5 minutes old. You are verifying that the standby WAAS Central Manager has fully replicated the primary WAAS Central Manager configuration.

If the update time is not current, determine whether or not there is a connectivity problem or if the primary WAAS Central Manager is down. Fix the problem, if necessary, and wait until the configuration has replicated, as indicated by the time of the last update.

The CMS service is restarted automatically when you configure a role change.

Central Manager Failover and Recovery

If your primary WAAS Central Manager becomes inoperable, you can reconfigure one of your standby Central Managers to be the primary Central Manager and then later, when the failed Central Manager becomes available, you can reconfigure it to be primary again. Follow these steps:

Enabling Disk Encryption

Disk encryption addresses the need to securely protect sensitive information that flows through deployed WAAS systems and that is stored in WAAS persistent storage. The disk encryption feature includes two aspects: the actual data encryption on the WAE disk and the encryption key storage and management.

When you enable disk encryption, all data in WAAS persistent storage will be encrypted. The encryption key for unlocking the encrypted data is stored on the Central Manager, and key management is handled by the Central Manager. When you reboot the WAE after configuring disk encryption, the WAE retrieves the key from the Central Manager automatically, allowing normal access to the data that is stored in WAAS persistent storage.

Note If a WAE is unable to reach the WAAS Central Manager during a reboot, it will do everything except mount the encrypted partitions. In this state, all traffic will be handled as pass-through. Once communication with the WAAS Central Manager is restored (and the encryption key is obtained), the encrypted partitions are mounted. There is no loss of cache content.

Disk encryption requirements are as follows:

You must have a Central Manager configured for use in your network.

Your WAE devices must be registered with the Central Manager.

Your WAE devices must be online (have an active connection) with the Central Manager. This requirement applies only if you are enabling disk encryption.

You must reboot your WAE for the disk encryption configuration to take effect.

After you reboot your WAE, the encryption partitions are created using the new key, and any previously existing data is removed from the partition.

Any change to the disk encryption configuration, whether to enable or disable encryption, causes the disk to clear its cache. This feature protects sensitive customer data from being decrypted and accessed should the WAE ever be stolen.

If you enable disk encryption and then downgrade to a software version that does not support this feature, you will not be able to use the data partitions. In such cases, you must delete the disk partitions after you downgrade.

To enable and disable disk encryption from the WAE CLI, use the disk encrypt global configuration command.

Note If you are using an NPE image, the disk encryption feature has been disabled for use in countries where disk encryption is not permitted.

When you enable or disable disk encryption, the file system is reinitialized during the first subsequent reboot. Reinitialization may take from ten minutes to several hours, depending on the size of the disk partitions. During this time, the WAE will be accessible, but it will not be providing any services.

If you change the Central Manager IP address, or if you relocate the Central Manager, or replace one Central Manager with another Central Manager that has not copied over all of the information from the original Central Manager, and you reload the WAE when disk encryption is enabled, the WAE file system will not be able to complete the reinitialization process or obtain the encryption key from the Central Manager.

If the WAE fails to obtain the encryption key, disable disk encryption by using the no disk encrypt enable global configuration command from the CLI, and reload the WAE. Ensure connectivity to the Central Manager before you enable disk encryption and reload the WAE. This process will clear the disk cache.

Note When a standby Central Manager has been in service for at least 2 times the datafeed poll rate time interval (approximately 10 minutes) and has received management updates from the primary Central Manager, the updates will include the latest version of the encryption key. Failover to the standby in this situation occurs transparently to the WAE. The datefeed poll rate defines the interval for the WAE to poll the Central Manager for configuration changes. This interval is 300 seconds by default.

To view the encryption status details, use the show disks details EXEC command. While the file system is initializing, show disks details displays the following message: “ System initialization is not finished, please wait... ” You may also view the disk encryption status, whether it is enabled or disabled, in the Central Manager GUI, Device Dashboard window.

Configuring a Disk Error-Handling Method

Note Configuring and enabling disk error handling is no longer necessary for devices that support disk hot-swap. In WAAS 4.0.13 and later, the software automatically removes from service any disk with a critical error.

The WAAS Central Manager allows you to configure how disk errors should be handled and to define a disk device error-handling threshold for WAAS devices running software versions 4.1.1 and earlier.

If the bad disk drive is a critical disk drive, and the automatic reload feature is enabled, then the WAAS software marks the disk drive “bad” and the WAAS device is automatically reloaded. After the WAAS device is reloaded, a syslog message and an SNMP trap are generated.

Note The automatic reload feature is automatically enabled and not configurable on devices running WAAS version 4.1.3 and later.

To configure a disk error-handling method using the WAAS Central Manager GUI, follow these steps:

Step 3 Check the Enable check box to enable the window for configuration, and then check the following options as necessary:

Enable Disk Error Handling Reload — Forces the device to reload the disk if the file system (sysfs) (disk00) has problems. This option appears only for device groups and version 4.1.1 and earlier WAAS devices and is disabled by default. It does not apply to WAAS versions later than 4.1.1.

Enable Disk Error Handling Threshold — Specifies the number of disk errors allowed before the disk is marked as bad. You must enter a number between 0 to 100 in the Threshold field. The default threshold is 10. This option is disabled by default. This option appears only for device groups and version 4.1.1 and earlier WAAS devices. It does not apply to WAAS versions later than 4.1.1.

Step 4 Click Submit to save the settings.

Enabling Extended Object Cache

The WAAS Central Manager allows you to configure additional disk space for CIFS object caching. Disk caching is used for DRE and CIFS to serve content at the edge. The extended object cache feature lets you choose the amount of disk storage that is used by CIFS and Virtual Blade Services.

This feature is supported only on WAVE-694-16G, WAVE-694-24G, WAE-674-4G, or WAE-674-8G models and does not have any effect on other models in a device group.

Note If extended object cache is enabled and the device is downgraded to a version prior to 4.2.1, all CIFS cache data, DRE cache data, and virtual blade data is lost.

Note If extended object cache is enabled on WAVE-694-16G, WAVE-694-24G, WAE-674-4G, or WAE-674-8G models with a virtual blade disk size that is greater than 30 GB, the device goes into override mode. In override mode, a Force Device Group settings button will be present on the device page (or device group page).

If you have a virtual blade enabled with a disk size that is greater than 30 GB, you must stop the virtual blade and remove the configuration before enabling extended object cache. Otherwise, the size of the virtual blade filesystem will be reduced to 30 GB.

Activating All Inactive WAAS Devices

Step 2 Click the Activate all inactive WAEs icon in the taskbar. The Activate All Inactive WAEs window appears.

Step 3 Choose an existing location for all inactivated WAAS devices by clicking the Select an existing location for all inactive WAEs radio button, and then choose a location from the drop-down list.

Alternatively, choose to create a new location for each inactive device by clicking the Create a new location for each inactive WAE radio button. Specify a parent location for all newly created locations by choosing a location from the Select a parent location for all newly created locations drop-down list.

Step 4 Click Submit. The inactive WAEs are reactivated and placed in the specified location.

Rebooting a Device or Device Group

Using the WAAS Central Manager GUI, you can reboot a device or device group remotely.

Step 2 Click the Reload icon in the Device Info pane. You are prompted to confirm your decision.

Step 3 Click OK to confirm that you want to reboot the device.

To reboot a device from the CLI, use the reload EXEC command.

If you reboot a WAAS Central Manager that has the secure store enabled with user-provided passphrase mode, you must reopen the secure store after the reboot by using the cms secure-store open EXEC command.

Step 2 In the taskbar, click the Reboot All Devices in Device Group icon. You are prompted to confirm your decision.

Step 3 Click OK to confirm that you want to reboot the device group.

Performing a Controlled Shutdown

A controlled shutdown refers to the process of properly shutting down a WAAS device without turning off the power on the device (the fans continue to run and the power LED remains on). With a controlled shutdown, all of the application activities and the operating system are properly stopped on the appliance, but the power remains on. Controlled shutdowns can help you minimize the downtime when the appliance is being serviced.

Caution If a controlled shutdown is not performed, the WAAS file system can be corrupted. It also takes longer to reboot the appliance if it was not properly shut down.

You can perform a controlled shutdown from the CLI by using the shutdown EXEC command. For more details, see the Cisco Wide Area Application Services Command Reference.

If you are running WAAS on a network module that is installed in a Cisco access router, perform a controlled shutdown from the router CLI by using the service-module integrated-service-engine slot/unit shutdown EXEC command. For more details, see the document Configuring Cisco WAAS Network Modules for Cisco Access Routers.